Also set login_failed in case of form errors

If we send a POST request to the login page which contained form errors (e.g. a too short password), the variable "login_failed" was not set to true. This condition was tested by the test suite however, so we should make sure that login_failed is set even if the form failed to validate. Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2013-01-21 16:27:19 +01:00 · 2013-01-21 16:27:19 +01:00 · 69b5623552
commit 69b5623552
parent a89df96132
1 changed files with 12 additions and 11 deletions
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@ -112,20 +112,21 @@ def login(request):

    login_failed = False

-    if request.method == 'POST' and login_form.validate():
-        user = User.query.filter_by(username=login_form.data['username']).first()
+    if request.method == 'POST':
+        if login_form.validate():
+            user = User.query.filter_by(username=login_form.data['username']).first()

-        if user and user.check_login(request.form['password']):
-            # set up login in session
-            request.session['user_id'] = unicode(user.id)
-            request.session.save()
+            if user and user.check_login(request.form['password']):
+                # set up login in session
+                request.session['user_id'] = unicode(user.id)
+                request.session.save()

-            if request.form.get('next'):
-                return redirect(request, location=request.form['next'])
-            else:
-                return redirect(request, "index")
+                if request.form.get('next'):
+                    return redirect(request, location=request.form['next'])
+                else:
+                    return redirect(request, "index")

-        else:
+            # Some failure during login occured if we are here!
            # Prevent detecting who's on this system by testing login
            # attempt timings
            auth_lib.fake_login_attempt()